Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAM-21 Fortress Model and Defense in Depth Some revision on Computer Architecture.

Published byBartholomew Bradley Modified over 8 years ago

Similar presentations

Presentation on theme: "SAM-21 Fortress Model and Defense in Depth Some revision on Computer Architecture."— Presentation transcript:

1 SAM-21 Fortress Model and Defense in Depth Some revision on Computer Architecture

2 SAM-22 Revision on Computer Architecture Central Processing Unit –Arithmetic Logic Unit –Control Unit Primary Storage Secondary Storage Cache Memory Paging

3 SAM-23 Revision on Computer Architecture Process: a program run in its own address space Thread: a piece of a program inside a process for a certain task, often called a light weight process A thread has less overhead than a process, it is faster to create, to switch to, and destroy

4 SAM-24 Revision on Computer Architecture Multi-tasking –A number of programs can be loaded into a computer’s memory and they would be executed by time-slicing of the CPU Multi-processing –The computer has more than one CPU and can execute more than one program at the same time

5 SAM-25 Revision on Computer Architecture Multi-threading –A style of programming that allows many separate threads of control inside one process. The execution of tasks are easily switched within the process to give more efficient use of the CPU –Must be supported by the OS –Improper use can lead to deadlock

6 SAM-26 Revision on Computer Architecture Virtual Machine An environment created by the OS, in which an application can run and behave as if it had an entire machine all to itself. Windows can have multiple applications running in their own separate virtual machines at the same time. Problem in the virtual machine would not bring down the whole computer

7 SAM-27 Revision on Computer Architecture Operating state of a processor –Ready state –Supervisory state –Problem state –Wait state

8 SAM-28 Fortress Model Watch towers to detect threat Protection by: –Moat –Outer Wall –Inner Wall of Keep Draw bridge and Gate – controlled access Weapons to fight back?

9 SAM-29 Fortress Model for IS Give only authorized access Set up zones of security –Defense in depth –Layer system Anyone outside the gate is suspected Anyone inside is trusted???

10 SAM-210 Design of Computer to give more security Protection rings of CPU or/and OS Segmented memory File permission

11 SAM-211 Protection Ring Protection and access mechanism of CPU First developed in Multics A ring field in the register is used Ring 0 is most privileged, lower-numbered rings have more privileges than higher- number rings Multics has 8 rings

12 SAM-212 Protection Rings of Multics 0 1 2 3 4 5 6 7 |_______________| Write Bracket |______________________________________________| Read Bracket

13 SAM-213 Protection Rings They provide strict boundaries and definitions on what the processes that work within the ring can access and what commands that can successfully execute A process can access objects within its own ring and other objects in the outer rings

14 SAM-214 Protection Rings If a process has to use an object in an inner ring it has to make request through the operation system by making a system call Inner rings are said to work in the supervisor mode, and outer rings in the user mode

15 SAM-215 Protection Rings X86 CPU can have 4 rings Ring 0 – Operating system kernel Ring 1 - Remaining part of the operating system Ring 2 – I/O drivers and utilities Ring 3 – Applications and programs

16 SAM-216 Protection Rings Most processors use only two rings: –Supervisor –User Processes run by the supervisor/kernel are trusted, they can access the device I/O Processes run by the users are not trusted, they can only access the device I/O through system call to the kernel

17 SAM-217 Segmented Memory Most current CPU are multi-tasking A number of programs can be loaded to the memory first CPU is shared by executing one program in one instant and then switch to another program in another instant How to protect the memory space of the processes?

18 SAM-218 Segmented Memory Memory is partitioned into segments Each segment created in virtual memory associated with a process Each segment memory defined by segment address and offset address Control of segment with flags: read, write, execute etc. and according to the access right of the process

19 SAM-219 Segmented Memory It provides isolation of memory space of processes It protects memory from unauthorized access

20 SAM-220 File Permission (UNIX) Users divided into 3 classes to access files and directories User (u) –The user is the owner of the file, usually the person who created it initially. Group (g) –All users are assigned one or more user groups. Therefore, there is also a group ownership associated with each file. Other (o) –All users other than the owner of the file or a member of the file's group

21 SAM-221 Security Controls Physical Technical Administrative

22 SAM-222 Security Controls

23 SAM-223 Protection Rings for Physical Security Ring1 – Areas on the perimeter of the building Ring 2 – Immediate area around the building Ring 3 – Internal location of the building Ring 4 – Human factor

24 SAM-224 Defense in Depth IT Infrastructure Perimeter defense –Firewall, IDS etc Network Infrastructure protection –Sub-netting, packet filtering Host defense –Authentication, system hardening Data Security –File permission, data encryption

25 SAM-225 Defense in Depth for the Home User

26 SAM-226 Examples of Defense in Depth firewalls (more than one between important data and the Internet) tripwire for host integrity host hardening to shut down unneeded services anti-virus protection for email and vulnerable hosts preventative scanning for vulnerabilities

27 SAM-227 Administrative Controls Clearance and Access Rights Segregation of duties Mutual checking Audit trail Username and Password Training Awareness

28 SAM-228 Security is always an attitude

Download ppt "SAM-21 Fortress Model and Defense in Depth Some revision on Computer Architecture."

Similar presentations

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 3 Operating System Organization.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
File Management Systems

File Management Systems
CSCE101 – Ch 3 September 14 & 16, 2006. Chapter 3 Computer Software = System Software + Application Software Delineation unclear – (ex. Microsoft Antitrust)

CSCE101 – Ch 3 September 14 & 16, Chapter 3 Computer Software = System Software + Application Software Delineation unclear – (ex. Microsoft Antitrust)
Chapter 11 Operating Systems

Chapter 11 Operating Systems
MEMORY MANAGEMENT By KUNAL KADAKIA RISHIT SHAH. Memory Memory is a large array of words or bytes, each with its own address. It is a repository of quickly.

MEMORY MANAGEMENT By KUNAL KADAKIA RISHIT SHAH. Memory Memory is a large array of words or bytes, each with its own address. It is a repository of quickly.
1 Chapter 4 Threads Threads: Resource ownership and execution.

1 Chapter 4 Threads Threads: Resource ownership and execution.
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
OS Concepts An Introduction operating systems. At the end of this module, you should have a basic understanding of what an operating system is, what it.

OS Concepts An Introduction operating systems. At the end of this module, you should have a basic understanding of what an operating system is, what it.
OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.

OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.
Operating System Organization

Operating System Organization
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
What do operating systems do? manage processes manage memory and computer resources provide security features execute user programs make solving user.

What do operating systems do? manage processes manage memory and computer resources provide security features execute user programs make solving user.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Chapter 51 Threads Chapter 5. 2 Process Characteristics  Concept of Process has two facets.  A Process is: A Unit of resource ownership:  a virtual.

Chapter 51 Threads Chapter 5. 2 Process Characteristics  Concept of Process has two facets.  A Process is: A Unit of resource ownership:  a virtual.
Chapter 2 Operating System Overview Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 2 Operating System Overview Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Chapter 3 Operating Systems Introduction to CS 1 st Semester, 2015 Sanghyun Park.

Chapter 3 Operating Systems Introduction to CS 1 st Semester, 2015 Sanghyun Park.

Similar presentations

Ads by Google